[doc] chore: split and rename

jpayne3506 · jpayne3506 · commit 131c242c9730 · 2025-11-04T18:21:52.000-06:00
diff --git a/docs/feature/swift-v2/setup-guide-azcni.md b/docs/feature/swift-v2/setup-guide-azcni.md
@@ -1,4 +1,4 @@
-# Swiftv2 Cilium Setup Guide
+# Swiftv2 Cilium Upgrade Guide
 
 ## Steps
 ### Clone repo + checkout branch for *.yamls
@@ -7,6 +7,20 @@ git clone https://github.com/Azure/azure-container-networking.git
 git checkout jpayne3506/conflist-generation < TODO Change before merge >
 ```
 
+### Update Conflist
+Leverage a cni build from branch or use `acnpublic.azurecr.io/azure-cni:linux-amd64-v1.7.5-3-g93d32acd0` < TODO Change before merge >
+- This will install our chained conflist through the use of `test/integration/manifests/cni/conflist-installer.yaml`
+
+```
+export CONFLIST=azure-chained-cilium.conflist
+export CONFLIST_PRIORITY=05
+export CNI_IMAGE=acnpublic.azurecr.io/azure-cni:linux-amd64-v1.7.5-3-g93d32acd0
+envsubst '${CONFLIST},${CONFLIST_PRIORITY},${CNI_IMAGE}' < test/integration/manifests/cni/conflist-installer.yaml | kubectl apply -f -
+```
+
+> NOTE: if your current conflist file name starts with `05` then change our previous filename to one with higher priority to ensure that it is consumed. i.e. `03-azure-chained-cilium.conflist`
+
+
 ### Apply cilium config
 ```
 export DIR=1.17
@@ -17,28 +31,28 @@ kubectl apply -f test/integration/manifests/cilium/v${DIR}/cilium-config/cilium-
 
 - Remove `kube-proxy-replacement-healthz-bind-address: "0.0.0.0:10256"` from configmap if kube-proxy is current on nodes
 
-### Apply cilium Agent + Operator
+### Apply cilium Agent + Operator + RBAC
 ```
 kubectl apply -f test/integration/manifests/cilium/v${DIR}/cilium-operator/files
 kubectl apply -f test/integration/manifests/cilium/v${DIR}/cilium-agent/files
+envsubst '${CILIUM_VERSION_TAG},${CILIUM_IMAGE_REGISTRY}' < test/integration/manifests/cilium/v${DIR}/cilium-agent/templates/daemonset.yaml | kubectl apply -f -
+envsubst '${CILIUM_VERSION_TAG},${CILIUM_IMAGE_REGISTRY}' < test/integration/manifests/cilium/v${DIR}/cilium-operator/templates/deployment.yaml | kubectl apply -f -
 ```
 
-### Apply/Edit CNS configmap
-```
-kubectl apply -f test/integration/manifests/cnsconfig/azcnichainedciliumconfigmap.yaml
-```
+!!!! TODO !!!!
+ProgramSNATIPTables
+ - What does this do?
+ - Do we need it?
+ - Managed cilium comes up without this set
+Remove `#### Must have configmap values`
+ - Leveraging conflist installer for generic approach
 #### Must have configmap values
 ```
 "ProgramSNATIPTables": false
 "CNIConflistScenario": "azurecni-chained-cilium"
 "CNIConflistFilepath": "/etc/cni/net.d/05-azure-chained-cilium.conflist"
 ```
 
-### Update CNS image
-Leverage a cns build from branch or use `acnpublic.azurecr.io/azure-cns:v1.7.5-2-g94c36c070` < TODO Change before merge >
-- This will install our chained conflist through the use of `"CNIConflistScenario": "azurecni-chained-cilium"` and it will be installed on the node here `"CNIConflistFilepath": "/etc/cni/net.d/05-azure-chained-cilium.conflist"`
-
-> NOTE: if your current conflist file name starts with `05` then change our previous filename to one with higher priority to ensure that it is consumed on restart. I.e. `03-azure-chained-cilium.conflist`
 
 ### If kube-proxy was present
 #### Remove kube-proxy
@@ -57,11 +71,14 @@ kubectl rollout restart ds -n kube-system cilium
     - You do not need to remove if node does not have kube-proxy enabled
   - If applied before agent is in ready state then no need to restart agent
 - Apply Agent + Operator
+
+!!! TODO REPLACE WITH INSTALLER !!!
 - Apply/Edit CNS config with
   - "ProgramSNATIPTables": false
   - "CNIConflistScenario": "azurecni-chained-cilium"
   - "CNIConflistFilepath": "/etc/cni/net.d/05-azure-chained-cilium.conflist"
-- Update CNS image with build from branch or < TODO IMAGE NAME >
+!!!
+- Update CNI image with build from branch or < TODO IMAGE NAME >
   - This will install chained conflist
 
 #### If kube-proxy was present
diff --git a/docs/feature/swift-v2/setup-guide-cil.md b/docs/feature/swift-v2/setup-guide-cil.md
@@ -0,0 +1,59 @@
+# Swiftv2 Cilium Setup Guide
+
+## Steps
+### Clone repo + checkout branch for *.yamls
+```
+git clone https://github.com/Azure/azure-container-networking.git
+git checkout jpayne3506/conflist-generation < TODO Change before merge >
+```
+
+### Update Conflist
+Leverage a cni build from branch or use `acnpublic.azurecr.io/azure-cni:linux-amd64-v1.7.5-3-g93d32acd0` < TODO Change before merge >
+- This will install our chained conflist through the use of `test/integration/manifests/cni/conflist-installer.yaml`
+
+```
+export CONFLIST=azure-chained-cilium.conflist
+export CONFLIST_PRIORITY=05
+export CNI_IMAGE=acnpublic.azurecr.io/azure-cni:linux-amd64-v1.7.5-3-g93d32acd0
+envsubst '${CONFLIST},${CONFLIST_PRIORITY},${CNI_IMAGE}' < test/integration/manifests/cni/conflist-installer.yaml | kubectl apply -f -
+```
+
+> NOTE: if your current conflist file name starts with `05` then change our previous filename to one with higher priority to ensure that it is consumed. i.e. `03-azure-chained-cilium.conflist`
+
+
+### Apply Watcher
+```
+kubectl apply -f test/integration/manifests/cilium/watcher/deployment.yaml
+```
+
+- Watcher obtains existing RBAC and DS from managed node
+  - We overwrite CM values through the use of DS args on the `cilium-agent` container
+i.e. overwrites `--cni-chaining-mode`
+```
+yq eval '.spec.template.spec.containers[0].args += ["--cni-chaining-mode=generic-veth"]' -i "$temp_file"
+```
+
+
+
+### Quick Summary
+- Apply conflist installer to update conflist on BYON
+- Apply Watcher and Overwrite existing CM values through `cilium-agent` container
+
+## Quick Vaildation testing
+- Create pods from deploy
+  - test/integration/manifests/swiftv2/mt-deploy.yaml
+  - Creates `container-*` pods on default namespace
+- Create Cilium Network Policies
+  - test/integration/manifests/cilium/netpol/default-allow.yaml
+  - Will only allow cilium managed endpoints to transmit traffic through default namespace
+- Check Cilium Management with
+  - `kubectl get cep -A`
+  - `kubectl get cnp -A`
+- Check connectivity
+  - exec -it <container-*> -- sh
+  - ip a
+    - look for delegatedNIC IP
+  - ping <IP>
+  - confirm CNP working by attempting to ping coredns pods
+    - should fail if both are being maintained by cilium
+    - confirm with `kubectl get cep -A`
